The Department of Commerce has issued a final rule amending the department’s authority to determine whether certain transactions involving information and communications technology and services pose risks to national security.
Based on feedback received from the public, the Commerce Department has ruled to revise its interim rule to include potential risk indicators related to connected software applications, according to a notice published in the Federal Register.
Among the indicators are a lack of thorough and reliable third-party auditing of connected software applications, the scope and sensitivity of data collected by connected such applications and the use of these applications to conduct surveillance that enables espionage.
The final rule also specifies “end-point computing devices” and “via the internet” to clarify the terminology of connected software applications.